--- wikisrc/pkgsrc/hardening.mdwn 2017/11/12 14:59:14 1.35 +++ wikisrc/pkgsrc/hardening.mdwn 2017/11/12 15:02:00 1.36 @@ -66,14 +66,13 @@ More details can be found here: ### PKGSRC_MKPIE -This requests the the creation of PIE (Position Independent -Executables) for all executables. The PIE mechanism is normally used -for shared libraries so that they can be loaded at differing addresses -at runtime. PIE itself does not have useful security properties. -However, some operating systems support Address Space Layout -Randomization (ASLR), which causes different addresses to be used each -time a program is run. This makes it more difficult for an attacker -to guess addresses and thus makes exploits harder to construct. +This requests the creation of PIE (Position Independent Executables) for all +executables. The PIE mechanism is normally used for shared libraries so that +they can be loaded at differing addresses at runtime. PIE itself does not have +useful security properties. However, some operating systems support Address +Space Layout Randomization (ASLR), which causes different addresses to be used +each time a program is run. This makes it more difficult for an attacker to +guess addresses and thus makes exploits harder to construct. PIE executables will only be built for toolchains that are known to support PIE. Currently, this means NetBSD on amd64 and i386.